If you try to boot Qubes now, it will freeze while “setting up networking.” You
need to put the Broadcom wireless device into PCI passthrough [2,3]. As
an alternative, remove the card from your Mac and Qubes will
boot up smoothly. If you choose to remove the card, jump to step 3.

MacBook Air 2012 (MacBookAir 5,1)

MacBook Pro Retina, 15 inch, Mid-2015 (MacBookPro 11,5)

In this section, I explain how I installed Qubes 3.2 on a MacBook Pro Retina 2015 (MacBookPro 11,5).
Good news: the relevant stuff works.
Bad news: there are still some minor issues to investigate.

For the time being, my setup is just for testing purposes and helps to bypass some blocking issues: do not use it in production or on a machine where security is a concern!
I hope to improve it as soon as possible.

During my nights trying to get Qubes OS working, I faced two main and blocking issues:

no boot, due to empty xen.cfg file

system freeze, due to Broadcom BCM43602 wifi card

I am already using Qubes for my daily job on an Intel NUC. For the time being, I installed Qubes on the MacBook for test purposes. Later on I will review the security implications.

This model has the following features:

2,5 GHz Intel Core i7-4870HQ (2 quad cores)

Dual Graphic Card

Intel Iris Pro

AMD Radeon R9 M370X

16Gb RAM

512Gb SSD

Broadcom BCM43602 802.11ac wifi adapter

### 1. Reclaim space to be able to multiboot OSX

For security reasons, you should install Qubes using the whole disk. I preferred to keep OSX, so I shrank the OSX partition:

reboot in recovery mode

run disk utility and shrink OSX partition, eg 150GB for OSX and the remaining space for Qubes OS

reboot

### 2. Boot installer

Download and prepare a USB with Qubes 3.2

You can install Qubes using BIOS or UEFI:

BIOS/CSM/Legacy: I have not been able to install using legacy, but I did not spend a lot of time on it.

UEFI plain: the grub menu appears, but any entry gave me a quick flash and returned to the main menu. I can boot it manually by fixing the grub.cfg file, adding the commands linuxefi and initrdefi and pointing them to the proper files in /efi/boot. After boot, I end up with no root file system.

UEFI, using rEFInd: I have been successful, despite some issues to be fixed manually, after installation completion

download rEFInd refind-bin-0.10.4.zip: this file is not signed, so decide if you trust it or not. SHA1 sum is 3d69c23b7d338419e5559a93cd6ae3ec66323b1e

unzip it and run the installer, which installs rEFInd on the internal SSD

if installation fails due to SIP, reboot in recovery mode, open a terminal and issue command

csrutil disable

reboot and you will see some icons

choose Boot EFI\BOOT\xen.efi from ANACONDA

after a while the graphical installer is up (keyboard and touchpad working)

### 3. Installation

As a general rule, keep the default values proposed during installation: you can change them later on

Keep English, as language, locale

My macbook has a US keyboard, so I cannot say what happens if you change keyboard layout

DO NOT CHANGE the timezone, because it will trigger the wifi card, leading to a system freeze

Choose the “installation destination”: do not change anything and press DONE button

Insert your password for Full Disk Encryption

If you do not already have free space on internal SSD disk, you will be prompted to reclaim some space:

If you shrank the OSX partition, Disk Utility left an empty partition: delete this useless partition

Press on “reclaim space”

Press on “begin installation”

create your user and password

after a while, installation completes

DO NOT press “Reboot button”

Qubes OS is now installed, but you cannot boot it due to some issues with the bootloader configuration and the wifi card.
You cannot boot Qubes using EFI/qubes/xen.efi because the XEN bootloader configuration is broken.
You cannot even boot Qubes without XEN support, using GRUB2, because its configuration is broken too.

Let’s fix it manually: switch to a console by pressing Fn+CTRL+ALT+F2

### 4. Fix GRUB configuration

You can skip this section, but I found it very useful - during troubleshooting - to have a rescue system at hand. I could boot Qubes, without XEN support

The Grub configuration file uses some wrong commands, which are not compatible with grub2-efi

Now, although the XEN configuration is still broken, you have a rescue system booting vmlinux from the rEFInd screen.
TBV1: chainloading XEN does not work, unless you specify the right disk prefix, eg: (hd1,gpt4)
TBV2: grub.cfg set the wrong disk in “set root” command
TBV3: in case you reach grub shell, you can

ls

and also reload the config file and change it manually before booting

configfile /EFI/qubes/grub.cfg

then press “e”, edit grub cfg and boot pressing Fn+F10

### 5. Fix bootloader

Fix the grub2 configuration, which uses the wrong commands for EFI boot

Analyzing /mnt/sysimage/var/log/anaconda/program.log, I found the faulty commands issued by the Anaconda installer

At rEFInd screen, choose Boot EFI/qubes/xen-4.6.1.efi
Everything should now be ok, Qubes OS boots using EFI and you will get the last setup screen

select “Qubes OS”, do not change anything and click on “Done”

VMs are created, including NetVM

### 6. Fix pulseaudio, which locks the CPU, often freezing the system for 20 seconds

My macbook has frequent freezes. Looking at journalctl output I saw that pulseaudio locks CPU for 20 seconds, very often.

You can fix this issue, killing audio support with this quick workaround:

open a dom0 terminal, as root and edit /etc/pulse/client.conf

add “autospawn = no”

Then, as a normal user, issue the command “pulseaudio --kill”

### 7. Fix system freezes due to Broadcom BCM43602

If you experience a system freeze, during VM setup, force a reboot and press OPTION key.

You will reach grub shell

configfile /EFI/qubes/grub.cfg

press Fn+F10 to boot without XEN support

Once booted, press Fn+CTRL+ALT+F4 to open a shell

Log into system

sudo su -
systemctl disable qubes-netvm

Press Fn+F2 and complete setup

reboot and you finally have your Qubes OS

DO NOT launch sys-net machine

Open its settings and remove the wifi adapter from the Selected devices, using Qubes Manager or the following command line. Get the BDF of the adapter and remove it. On my macbook the BDF is 04:00.0; you will also use it later on.
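
One way to find the adapter's BDF (bus:device.function) and detach it from sys-net in dom0, as an added example that is not part of the original guide. The helper names are hypothetical, the `lspci` sample is constructed around the 04:00.0 address reported above, and it assumes the `qvm-pci -d` / `qvm-pci -l` dom0 tool of Qubes 3.x.

```shell
#!/bin/sh
# Added example: resolve the wifi adapter's BDF from lspci-style output
# and remove it from a VM's PCI device list.

# Constructed sample of `lspci` output. The Broadcom line uses the BDF
# the page reports; the other two lines are made up for illustration.
sample_lspci() {
cat <<'EOF'
00:00.0 Host bridge: Constructed Example Host Bridge
03:00.0 Ethernet controller: Constructed Example Ethernet Adapter
04:00.0 Network controller: Broadcom Corporation BCM43602 802.11ac Wireless LAN SoC (rev 01)
EOF
}

# find_bdf PATTERN: read lspci output on stdin and print the BDF of each
# device whose line contains PATTERN (case-insensitive).
find_bdf() {
    awk -v pat="$1" 'BEGIN { pat = tolower(pat) }
        index(tolower($0), pat) &&
        $1 ~ /^[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]\.[0-7]$/ { print $1 }'
}

# detach_from_netvm VM BDF: refuse anything that is not exactly one BDF
# (empty result, several matches), so a loose pattern cannot detach the
# wrong device. Outside dom0 it only prints the command it would run.
detach_from_netvm() {
    vm=$1; bdf=$2
    case $bdf in
        [0-9a-f][0-9a-f]:[0-9a-f][0-9a-f].[0-7]) ;;
        *) echo "refusing: '$bdf' is not a single BDF" >&2; return 2 ;;
    esac
    if command -v qvm-pci >/dev/null 2>&1; then
        qvm-pci -d "$vm" "$bdf" && qvm-pci -l "$vm"   # list what remains
    else
        echo "would run: qvm-pci -d $vm $bdf"
    fi
}

# Dry demonstration on the constructed sample; prints 04:00.0.
sample_lspci | find_bdf BCM43602
# In dom0, with sys-net shut down:
#   detach_from_netvm sys-net "$(lspci | find_bdf BCM43602)"
```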